Re: libc6: ldd: bogus check for read permission

To: "Aaron M. Ucko" <ucko@debian.org>
Cc: 149722@bugs.debian.org, debian-glibc@lists.debian.org
Subject: Re: libc6: ldd: bogus check for read permission
From: ucko@debian.org (Aaron M. Ucko)
Date: Tue, 06 Feb 2007 20:04:33 -0500
Message-id: <[🔎] udl4ppypyla.fsf@vinegar-pot.mit.edu>
In-reply-to: <[🔎] 20070207001656.GA31327@hades.madism.org> (Pierre HABOUZIT's message of "Wed, 7 Feb 2007 01:16:56 +0100")
References: <E17HxHj-0007Lw-00@tux.internal.ucko.debian.net> <[🔎] 20070207001656.GA31327@hades.madism.org>

Pierre HABOUZIT <madcoder@debian.org> writes:

> # ctl is in bcc
> reassign 149722 bash

Fair enough (building bash with -DAFS is probably a good idea in any
case), but I'd still appreciate a response to the last line or so of
my original report:

>> but I don't see any good reason for ldd to be checking access in the
>> first place.

To wit, why should ldd *care* whether its argument appears to be
readable (or, for that matter, executable, though failing that check
merely leads to a warning) at all?  Security vaguely comes to mind,
but the restriction's too easy to circumvent in normal circumstances
for that to carry much weight.

-- 
Aaron M. Ucko, KB1CJC (amu at alum.mit.edu, ucko at debian.org)
Finger amu@monk.mit.edu (NOT a valid e-mail address) for more info.

Reply to:

Follow-Ups:
- Re: libc6: ldd: bogus check for read permission
  - From: Pierre Habouzit <madcoder@debian.org>

References:
- Bug#149722: libc6: ldd: bogus check for read permission
  - From: Pierre HABOUZIT <madcoder@debian.org>

Prev by Date: Bug#238936: marked as done ([libc6] getifaddrs() fails to initialize ifaddrs.ifa_addr for PPP devices)
Next by Date: Bug#377416: libc6-dev: __THROW defined in <sys/cdefs.h> is broken with GCC 3.3
Previous by thread: Processed: Re: libc6: ldd: bogus check for read permission
Next by thread: Re: libc6: ldd: bogus check for read permission
Index(es):
- Date
- Thread